
HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

Regulators Announce International Investigation into Practices of Internet Connected Devices

A number of data protection authorities (DPAs) around the globe have issued press releases confirming their involvement in the 2016 global privacy “sweep”, which kicked off on April 11th.  This year’s initiative involves a coordinated investigation by 29 DPAs into the practices of internet-connected (Internet of Things or IoT) devices, such as fitness and health trackers, thermostats, smart meters and TVs and connected cars.  The work is being coordinated by the Global Privacy Enforcement Network under the leadership of the UK Information Commissioner’s Office.

Posted in International/EU Privacy

European Commission Launches Public Consultation on the Evaluation and Review of the ePrivacy Directive

On 12 April 2016, the European Commission launched a public consultation (the “Consultation”) on the ePrivacy Directive (2002/58/EC; the “epD”). Interested parties who wish to participate have until 5 July 2016 to submit responses to the Commission’s 33 questions.


Posted in International/EU Privacy

Article 29 Working Party Sees Privacy Shield Glass Half Empty

From the moment that the Chairman of the Article 29 Working Party, Isabelle Falque-Pierrotin, announced at a press conference on 3rd February this year that the Working Party would assess the standing of the EU-US Privacy Shield under EU law, privacy professionals have been waiting to see what the Working Party’s view would be.  Earlier this week, on 13th April, the Working Party provided their initial opinion.  On the one hand, the Working Party welcomed the significant improvements of the Privacy Shield as a positive step forward. Yet, on the other hand, the Working Party set out their strong concerns on the commercial aspects of the Privacy Shield and the ability for US public authorities to access data transferred under the Privacy Shield.  The opinion concluded by urging the European Commission to resolve these concerns and improve the Privacy Shield.

Posted in International/EU Privacy

GDPR Likely to be Adopted by the EU Parliament on 14 April 2016

Last Friday, the EU Council adopted its position at first reading on the data protection reform. This prepares the way for the final adoption of the legislative package, which includes the General Data Protection Regulation (GDPR), by the European Parliament on 14 April 2016. This formal adoption by the EU Council comes after the compromise agreed with the European Parliament on 15 December 2015.


Posted in Consumer Privacy

NTIA Commences Internet of Things Proceeding

On April 5, 2016, the National Telecommunications and Information Administration (NTIA) initiated an inquiry to review the potential benefits and challenges presented by the Internet of Things (IoT). In its Notice and request for public comment (RFC), NTIA is seeking input on the current IoT technological and policy landscape with a goal of developing recommendations—in the form of a Green Paper—as to whether and how the federal government should play a role in fostering the advancement of IoT technologies.

Comments are due on or before May 23, 2016 at 5:00 p.m. eastern; parties across industry sectors are encouraged to comment.

Posted in Health Privacy/HIPAA

FTC Releases Web Tool for Mobile Health App Developers

The FTC released this week a web-based tool to assist mobile app developers in determining which federal privacy laws apply to their mobile health applications. The tool asks developers a series of ten targeted questions that help a user determine whether HIPAA, FTC, and/or FDA rules and regulations might apply.

The interactive developer tool presents users with questions that include topics such as:

  • the type of information the app will create, receive, maintain, and transmit
  • the type of entity creating the app (or on whose behalf the app is created)
  • the purposes of the app
  • the information the app will provide to consumers and/or patients

The answer to each question points the user to the laws and regulations that are likely to apply to the app.  The tool also directs users to definitions for common regulatory terms, links, tips and guidance regarding compliance, and other federal agency resources.

Posted in News & Events

Hogan Lovells Brings Together Industry and Government Leaders for Second Annual Health Privacy Law Forum

Hogan Lovells hosted the second annual Health Privacy Law Forum (HPLF) for health privacy professionals yesterday.  Participants spoke with Deven McGraw, Deputy Director of Health Information Privacy at the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and former Federal Trade Commissioner (FTC) Julie Brill, now a partner at Hogan Lovells and co-chair of its Privacy and Cybersecurity practice.

Posted in Health Privacy/HIPAA

OCR Releases Updated Audit Protocol

The revamped audit protocol for the upcoming HIPAA Phase 2 audits has been released by the US Department of Health and Human Services Office for Civil Rights (OCR).  The audit protocol, which is posted on the HHS website, includes new requirements added by the 2013 Omnibus Final Rule for HIPAA covered entities and business associates.  The Phase 2 audits will be more focused, and the stakes will be higher: the agency has indicated that audits may, in certain circumstances, lead to full compliance reviews—with the potential for fines or settlement agreements related to alleged HIPAA noncompliance.  In addition, business associates will be subject to HIPAA audits for the first time.

Posted in Consumer Privacy

Five Lessons from the FTC’s Latest Native Advertising Action

On March 15, 2016, the Federal Trade Commission (FTC) reached an agreement with Lord & Taylor to settle charges that the luxury department store brand engaged in allegedly deceptive native advertising practices by failing to disclose and accurately represent its relationship to online magazines and fashion “influencers” who promoted the brand. This latest enforcement action follows the FTC’s release of a policy statement on native advertising practices and a companion set of guidelines for businesses. The action provides a cautionary tale with practical lessons about the importance of transparency in marketing strategies that mimic the look and feel of surrounding content.

Posted in News & Events

April 2016 Privacy and Cybersecurity Events

Please join us for our April 2016 Privacy and Cybersecurity Events.

April 1
Connected Cars
Tim Tobin will be a panelist on legal and ethical issues facing automated vehicles at Texas A&M Law School.
Location: Fort Worth, Texas

April 4
Texts and Robocalls at IAPP
Mark Brennan will co-lead a workshop at the IAPP Global Privacy Summit entitled “Troubled Waters with Texts and Robocalls: Compliance and Enforcement Issues under TCPA and the TSR.”
Location: Washington, D.C.

April 5
Health Privacy at IAPP
Marcy Wilder will moderate the panel “Is Privacy Destroying Big Data in Healthcare,” featuring the Chief Privacy Officer of the U.S. Department of Health and Human Services at the IAPP Global Privacy Summit.
Location: Washington, D.C.
